6
/
16
“This is a call out to users who are living in ignorance of the vulnerability disclosed earlier this year,” said Michael Covington, vice president of products at mobile security leader Wandera. “The WhatsApp vulnerability (on both iOS and Android) allows attackers to target users by simply sending a specially crafted message to their phone number. Exploiting this vulnerability would allow them to access the same things WhatsApp has access to, including the microphone, camera, and contact list.”
Yes, that means attackers had the ability to do a lot of horrible espionage. “This is one of the most widespread issues I've seen affecting mobile devices, and we continue to see older versions on corporate devices,” Covington says. Luckily, this is easy to remove: just update the app to the latest version. At the time of writing, the latest version for Android is 2.19.339, and for iOS it is 2.19.112. If you're already wondering, “Is Whatsapp safe?”, you have a good intuition.
7
/
16
Both Whatsapp and Instagram are owned by Facebook, which contributes to the risk. Instagram “requests several permissions, including the ability to modify and read contacts and storage contents, locate the phone, read call history, modify system settings, and have full access to the network,” said Dave Salisbury, director of the University of Dayton's Cybersecurity and Data Intelligence Center.
Even more worrying is the possibility that updates will automatically add extra features. “You have to remember that on Facebook, and many other places, your users are the product, not the customer,” Salisbury says. “The information you have about them, what they do, where they go, how they interact with you, is valuable. If you're willing to give that up for a free service, that's a legitimate choice. What I want is for users to actually think through their choices in an informed way, and make sure they're getting as much as they're giving.”
8
/
16
Facebook Messenger
Because Messenger is another Facebook app, ProPrivacy digital privacy expert Attila Tomaschek believes it's also important to address. “Removing Facebook Messenger is a no-brainer based on the company's frighteningly lax approach to protecting user privacy,” Tomaschek says. “Messages you send or receive using the Facebook Messenger app are not encrypted, which means all your messages can be seen in plain sight by any Facebook employee with the appropriate permissions.”
The company plans to introduce a “Secret Conversation” mode that would offer encryption, but it will not be a default option and will not be available for the calling feature. “Furthermore, the app will automatically scan links and photos sent by users, and if the algorithm flags suspicious content, the company's employed moderators will read the user's messages,” Tomaszek adds. “Basically, if you don't want your personal data to be subject to Facebook's weak data privacy practices and you want to avoid the possibility of having your private messages eavesdropped on, it's best to limit your losses, delete the app, and look elsewhere.”
If you're looking for an alternative to private messaging apps, Tomaschek recommends the secure messaging app Signal. “Signal messages are protected by the app's own encryption protocol, which many consider to be the most secure messaging protocol available today,” he says. “In fact, even Edward Snowden has recommended Signal as a secure messaging app.”